<?php
// Report every error level and print the reports into the page output.
// NOTE(review): with display_errors on, PHP warnings (which include file
// paths) are shown to every visitor. Confirm this is wanted outside
// development; logging the errors instead keeps them out of the page.
error_reporting(E_ALL);
@ini_set('display_errors', 'on');
@ini_set('error_reporting', E_ALL);
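/**
 * Tell whether a text contains one of the blocked spam keywords.
 *
 * The match is a case-insensitive substring search over a fixed word list.
 * The original used eregi(), which no longer exists in PHP 7 and later, so
 * the search now runs through preg_match() with every keyword quoted
 * literally.
 *
 * This is a coarse keyword filter: it also hits harmless words that contain
 * a keyword, and it only knows the listed strings (for example "http://" but
 * not other URL schemes). Treat it as a nuisance filter, not as the control
 * that keeps unwanted content out.
 *
 * @param string $text raw text to inspect
 * @return bool true when at least one keyword occurs in $text
 */
function detectSpam($text)
{
	$words = array("a href","http://","adult","bussiness","casino","cialis","diazepan","drugs","enlarge","free money","hotels","penis","phentermine","pills","porno","sex","teen","viagra");
	$quoted = array();
	foreach ($words as $word)
		{
		// preg_quote keeps every keyword a literal, whatever characters it holds
		$quoted[] = preg_quote($word, '/');
		}
	$pattern = '/'.implode('|', $quoted).'/i';
	return preg_match($pattern, (string) $text) === 1;
}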
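/**
 * Render the newest guestbook records (at most 10) from the data file as HTML.
 *
 * Every line of the file is one record of seven fields joined by $data_sep,
 * in the order ip, date, name, mail, icq, www, text. Lines are walked from
 * the end of the file so the newest entries come first. Malformed lines are
 * reported through the global $ERRORS array and skipped.
 *
 * Changes against the original:
 *  - ereg() (gone since PHP 7) is replaced by a plain substring test;
 *  - the fields are split with explode(), so a record whose first field is
 *    empty is no longer rejected (the old strpos() test treated a separator
 *    at offset 0 as "not found");
 *  - fields 0-5 are escaped again on output and the www link is only
 *    rendered for http/https targets.
 *
 * @param string $file_name path of the data file
 * @param string $data_sep  field separator the records were written with
 * @return string HTML fragment; '' when the file is missing or empty
 */
function bookReaddata($file_name,$data_sep)
{
	global $ERRORS;
	$data = '';
	$data_sep = (string) $data_sep;
	if ($data_sep === '')
		{
		// explode() cannot split on an empty separator
		$ERRORS[] = 'read - empty separator';
		return $data;
		}
	$lines = @file($file_name);
	if (!$lines)
		{
		return $data;
		}
	$shown = 0;
	for ($i = count($lines)-1; $i >= 0 && $shown < 10; $i--)
		{
		// drop the line terminator so it does not end up inside the text field
		$buffer = rtrim($lines[$i], "\r\n");
		if ($buffer === '' || strpos($buffer, $data_sep) === false)
			{
			$ERRORS[] = 'read - bad data format1 on line '.$i;
			continue;
			}
		// Limit 7: the text field is last and may itself contain the
		// separator (the form stores line breaks as "<br />").
		$msg = explode($data_sep, $buffer, 7);
		if (count($msg) !== 7)
			{
			$ERRORS[] = 'read - bad data format2 on line '.$i;
			continue;
			}
		// Defence in depth: escape fields 0-5 at the point of output, so a
		// record that did not pass through the submission form cannot add
		// markup here. double_encode=false leaves entities already written by
		// the form untouched. ISO-8859-1 is single-byte, so the bytes of the
		// windows-1250 page pass through unchanged.
		for ($k = 0; $k < 6; $k++)
			{
			$msg[$k] = htmlspecialchars($msg[$k], ENT_QUOTES, 'ISO-8859-1', false);
			}
		$links = array();
		/*mail*/
		if ($msg[3] !== '') {$links[] = "<a href=\"mailto:{$msg[3]}\">mail</a>";}
		/*icq*/
		if ($msg[4] !== '') {$links[] = "<a href=\"http://web.icq.com/wwp?Uin={$msg[4]}\">icq</a>";}
		/*www*/
		// only http/https targets become links; any other stored value is ignored
		if ($msg[5] !== '' && preg_match('#^https?://#i', $msg[5]) === 1)
			{$links[] = "<a href=\"{$msg[5]}\">www</a>";}
		$s = count($links) > 0 ? "\n\t(".implode(", ", $links).")" : "";
		$data.= "\n<div><hr/>";
		$data.= "\n<span>{$i}.</span>";
		$data.= "\n<!--{$msg[0]}-->";
		$data.= "\n<i>{$msg[1]}</i>";
		$data.= "\n<b>{$msg[2]}</b>$s";
		// NOTE(review): the text field is emitted as stored, because the form
		// escapes it and inserts "<br />" before saving. Whatever can write to
		// the data file can therefore place markup here; keep the file
		// writable only by this script.
		$data.= "\n<div>{$msg[6]}</div>";
		$data.= "\n</div>\n";
		$shown++;
		}
	return $data;
}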
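/**
 * Append one record line to the data file under an exclusive lock.
 *
 * Failures are reported through the global $ERRORS array.
 *
 * Changes against the original:
 *  - microtime(true) is used so the elapsed time is a real number; the
 *    string form of microtime() cannot be subtracted meaningfully;
 *  - CR and LF are removed from the record, so one call always writes
 *    exactly one line, whatever the caller passed in;
 *  - the record is cut to 4095 bytes and the newline is appended afterwards.
 *    The old 4096-byte limit on fputs() could cut the newline off and glue
 *    the next record onto the same line.
 *
 * @param string    $file_name    path of the data file (created if missing)
 * @param string    $data_to_save the record, already joined by the separator
 * @param int|float $end_time     how long to keep retrying the lock; it is
 *                                compared against elapsed seconds.
 *                                NOTE(review): the caller passes 5000, which
 *                                may have been meant as milliseconds; confirm.
 * @return void
 */
function bookWritedata($file_name,$data_to_save,$end_time)
{
	global $ERRORS;
	$fp = fopen($file_name,'a+');
	if (!$fp)
		{
		$ERRORS[] = 'write - file open error';
		return;
		}
	$start_time = microtime(true);
	do	{
		$can_write = flock($fp, LOCK_EX);
		if (!$can_write)
			{usleep(rand(0,100)*1000);}	//back off 0-100 ms before the next attempt
		}
	while ((!$can_write) && ((microtime(true) - $start_time) < $end_time));
	if ($can_write)
		{
		// the file format is one record per line: keep line breaks out of the record
		$record = str_replace(array("\r","\n"), '', (string) $data_to_save);
		// limit to 4k of text, newline included
		$record = substr($record, 0, 4095)."\n";
		if (fwrite($fp, $record) === false)
			{$ERRORS[] = 'write - file write error';}
		}
	else $ERRORS[] = 'write - file write error';
	fclose($fp);	//closing the handle also releases the lock
}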
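/**
 * Return the address to record for the current request.
 *
 * When the X-Forwarded-For header holds a single valid IPv4 address, its
 * ip2long() value is returned (as the original did); otherwise REMOTE_ADDR
 * is returned. The result is cut to 15 characters.
 *
 * Fix: ip2long() reports failure with false, not -1. The old `!= -1` test
 * accepted the failure, so any unparsable header value replaced the address
 * with an empty string. The legacy -1 value is still rejected as well.
 *
 * NOTE(review): X-Forwarded-For is sent by the client unless a reverse proxy
 * in front of this script overwrites it. The recorded value is then only as
 * trustworthy as the request itself; REMOTE_ADDR is the address of the
 * actual TCP peer. Confirm that preferring the header is intended.
 *
 * @return string address for the record; '' when nothing is available
 */
function getIP()
{
	$remote    = getenv('REMOTE_ADDR');		//address of the connecting peer (may be a proxy)
	$forwarded = getenv('HTTP_X_FORWARDED_FOR');	//address claimed for a client behind a proxy
	$ip = $remote;
	if ($forwarded !== false && $forwarded !== '')
		{
		$long = ip2long($forwarded);
		if ($long !== false && $long !== -1)
			{$ip = $long;}
		}
	return substr((string) $ip,0,15);
}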
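//file with the messages
$file_name = './ppbook6.php';		//php/txt
$file_data = './ppbook6-data.txt';
$data_sep  = '<';
$ERRORS    = array();
// NOTE(review): this creates $file_name (a .php path) when it is missing, not
// the data file; the data file is created by the append in bookWritedata().
// Confirm which file was meant. Mode 0755 also sets the execute bits.
if (!file_exists($file_name))
	{
	$fp = fopen($file_name,"w");
	if ($fp)
		{
		fclose($fp);
		@chmod($file_name,0755);	//!set the file's write permissions, 755 (rwx r.x r.x) or 644 (rw. r.. r..) (owner, group, other, r-read, w-write, x-execute; umask, mkdir)
		}
	}
// $HTTP_POST_VARS no longer exists (removed in PHP 5.4); $_POST is the same data.
if (count($_POST) > 0)
	{
	//fill $msg, check and adjust the data
	// htmlspecialchars() is given a single-byte charset because the form page
	// declares windows-1250. Under the default charset (UTF-8), bytes that
	// are not valid UTF-8 would blank the whole field.
	$enc = 'ISO-8859-1';
	$msg = array();
	$msg['ip']   = getIP();
	$msg['date'] = date("d.m.Y H:i",time());
	$z = 'msg';
	// Each field is taken only when it is a string; an array-valued field
	// (name[]=...) is treated as empty.

	// name: ASCII letters and digits only, at most 32 characters
	$a = 'name';	$x = (isset($_POST[$z.$a]) && is_string($_POST[$z.$a])) ? $_POST[$z.$a] : "";
	$x = (string) preg_replace('/[^a-zA-Z0-9]/',"",$x);
	$x = substr($x,0,32);
	$x = htmlspecialchars($x, ENT_QUOTES, $enc);
	$msg[$a] = $x;

	// mail: kept only when it contains "@". Control characters (CR and LF
	// included) are removed so the value stays on one record line and inside
	// the mailto: link it is later rendered in.
	$a = 'mail';	$x = (isset($_POST[$z.$a]) && is_string($_POST[$z.$a])) ? $_POST[$z.$a] : "";
	$x = (strpos($x,"@") !== false) ? $x : "";
	$x = (string) preg_replace('/[\x00-\x1F\x7F]/',"",$x);
	$x = substr($x,0,200);
	$x = htmlspecialchars($x, ENT_QUOTES, $enc);
	$msg[$a] = $x;

	// icq: digits only, at most 10
	$a = 'icq';	$x = (isset($_POST[$z.$a]) && is_string($_POST[$z.$a])) ? $_POST[$z.$a] : "";
	$x = (string) preg_replace('/[^0-9]/',"",$x);
	$x = substr($x,0,10);
	$msg[$a] = $x;

	// www: must be a plain http:// URL. The value is cut to 200 bytes before
	// the pattern runs so the regex work is bounded; \z anchors at the very
	// end of the string. Anything that does not match (or a regex error) is
	// dropped.
	$a = 'www';	$x = (isset($_POST[$z.$a]) && is_string($_POST[$z.$a])) ? $_POST[$z.$a] : "";
	if (strpos($x,"http://") === false) {$x = "http://".$x;}
	$x = substr($x,0,200);
	$reg = '#^http://[[:alnum:]]+([-_.]?[[:alnum:]])*\.[[:alpha:]]{2,4}(/[-_~&=?.a-zA-Z0-9]*)*\z#';
	if (preg_match($reg,$x) !== 1) {$x = "";}
	$x = htmlspecialchars($x, ENT_QUOTES, $enc);
	$x = str_replace(array("\n","\r"),"",$x);
	$msg[$a] = $x;

	// text: spam check on the raw input, then trim, cut to 2000 bytes,
	// escape, and turn line breaks into <br /> so the record stays on one line.
	$a = 'text';	$x = (isset($_POST[$z.$a]) && is_string($_POST[$z.$a])) ? $_POST[$z.$a] : "";
	if (detectSpam($x)) {$x = ""; $ERRORS[] = "msg get - antispam";}
	$x = trim($x);
	// NOTE(review): stripslashes() is kept from the original (presumably for
	// magic quotes); without magic quotes it removes backslashes the visitor typed.
	$x = stripslashes($x);
	$x = substr($x,0,2000);
	$x = htmlspecialchars($x, ENT_QUOTES, $enc);
	$x = nl2br($x);
	$x = str_replace(array("\n","\r"),'',$x);
	$msg[$a] = $x;
	//try to save $msg to the messages file
	if ($msg['name']!=="" && $msg['text']!=="")
		{
		bookWritedata($file_data,implode($data_sep,$msg),5000);
		}
	}
$vzkazy = bookReaddata($file_data,$data_sep);
if (count($ERRORS)>0) {echo '<pre class="errors">'; print_r($ERRORS); echo '</pre>';}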
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<head>
	<meta http-equiv="Content-language" content="cs"/>
	<meta http-equiv="Content-Type" content="text/html; charset=windows-1250"/>
	<title>PP guestbook v6.0</title>
	<style type="text/css">
	h3		{text-align:center;}
	fieldset	{width:30em;margin:0 auto;}
	</style>
</head>
<body>
<h3><a href="<?php echo $file_name; ?>">PP Guestbook v6.0</a></h3>
<p>
Soubory:
  <a href="<?php echo $file_name; ?>.txt"><?php echo $file_name.'.txt'; ?></a>
| <a href="<?php echo $file_data; ?>"><?php echo $file_data; ?></a>
</p>
<form name="f" action="<?php echo $file_name; ?>" method="post" enctype="multipart/form-data">
<fieldset>
<legend>Novy vzkaz</legend> 
<center>
<table>
<tbody valign="top">
<tr>	<td><label for="msgname">Jmeno</label></td>
	<td><input type="text" size="12" name="msgname" id="msgname"/></td>
	<td><label for="msgmail">Mail</label></td>
	<td><input type="text" size="24" name="msgmail" id="msgmail"/></td></tr>
<tr>	<td><label for="msgicq">icq</label></td>
	<td><input type="text" size="12" name="msgicq" id="msgicq"/></td>
	<td><label for="msgwww" >www</label></td>
	<td><input type="text" size="24" name="msgwww" id="msgwww"/></td></tr>
<tr>	<td><label for="msgtext">Text</label></td>
	<td colspan="3"><textarea cols="36" rows="5" name="msgtext" id="msgtext"></textarea></td></tr>
</tbody>
</table>
<input type="reset"  value="Smazat" />
<input type="submit" value="Odeslat"/>
</center>
</fieldset>
</form>
<div class="vzkazy">
<?php echo $vzkazy; ?> 
</div>
</body>